From: Lou Ioanni (louisccie_r_s@yahoo.com)
Date: Fri Feb 23 2007 - 01:06:23 ART
Ooooops, Ivan, you might be right. It is either ip proxy-arp or ip redirects. Not sure which one I enabled... it has been a while.
Thanks,
Loizos
Ivan Ivanov <ivanov.ivan@gmail.com> wrote:
Hello,
You can search the archive; recently there was a good explanation of this question.
If 'ip direct broadcast' is enabled and the router receives a
direct broadcast, it changes it to 255.255.255.255, and every PC
answers this packet. That is why it is now disabled by default in
IOS.
And I don't see any reason for it to be enabled. I think that Loizos means 'ip
proxy-arp'. Maybe I am wrong, but when you don't have a default gateway,
only proxy-arp can help you to have access to other networks.
Bye!
On 2/21/07, Lou Ioanni wrote:
> It is a common practice for security, especially on edge routers. "no ip directed broadcast" protects against Smurf attacks
>
> "The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet."
>
>
> Sometimes it is necessary to enable ip directed broadcasts on an interface. For example, recently I replaced an existing device with a Cisco 4500 and I disabled ip directed broadcast on all interfaces. Then the customer told me that one server was not seen (not accessible). He said that there was no default gateway configured on the server and that is the way it always worked. When I enabled the "ip directed broadcast" on the interface, the server was seen in the network without using a default gateway. Just have that in mind.
>
> Thanks,
>
> Loizos Y.
> CCIE#10702 R & S
>
> bobby bobby wrote:
> Please, I was confused in an argument with a colleague in the office. Please can anyone enlighten me more on this command on a router:
>
> no ip direct broadcast
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Best Regards! Ivan Ivanov
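The per-interface settings discussed in this thread (directed broadcast, and proxy ARP for a host with no default gateway) can be checked across a saved router configuration. The following is an added example, not part of the original thread: the `audit` function, the sample configuration, and the default-state parameters are assumptions made for illustration.

```python
import re

# Constructed sample configuration for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 no ip directed-broadcast
 no ip proxy-arp
!
interface FastEthernet0/1
 ip directed-broadcast
!
interface FastEthernet0/2
 ip directed-broadcast 101
!
interface Serial0/0
"""

def audit(config, directed_default=False, proxy_arp_default=True):
    """Map each interface to findings; the default states are assumptions."""
    state, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes the interface block
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                state[current] = dict(db=directed_default, acl=None, parp=proxy_arp_default)
            continue
        if current is None:
            continue
        m = re.fullmatch(r"(no\s+)?ip directed-broadcast(?:\s+(\S+))?", line)
        if m:  # optional argument is the access list restricting the broadcasts
            state[current].update(db=not m.group(1), acl=None if m.group(1) else m.group(2))
        m = re.fullmatch(r"(no\s+)?ip proxy-arp", line)
        if m:
            state[current]["parp"] = not m.group(1)
    findings = {}
    for name, s in state.items():
        notes = []
        if s["db"]:
            notes.append(f"directed broadcast enabled, access list: {s['acl'] or 'none'}")
        if s["parp"]:
            notes.append("proxy ARP enabled")
        findings[name] = notes
    return findings

if __name__ == "__main__":
    for name, notes in audit(SAMPLE_CONFIG).items():
        print(name, "->", notes or "ok")
```

Pass `directed_default=True` when auditing a platform or software release where directed broadcast is on unless explicitly disabled, so that interfaces with no explicit line are still reported.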
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART